This is a step-by-step guide for adding lnd as a Hot Wallet Buy source. The following example is based on the presumption that the lnd daemon has been installed, configured, and tested for proper use.

Tip

This guide is intended to help you set up a working Lightning node with a functional CAS.

Info

Additional information: Node Tutorial (Generic)


Assemble the required information for CAS:

url : macaroon : cert

url: the fully qualified address for the RPC port of the Lightning server. The RPC port must also be specified, and for this example it will be assumed to be the default port: 8088.

  • If using an SSH tunnel, the URL uses the localhost loopback, and would be: https://127.0.0.1:8088

  • When using the GB Wallet Tunnel, the URL uses the server's public IP instead,

    • e.g. https://123.123.123.123:8088

    • assuming the Lightning server is at public IP 123.123.123.123 (your actual IP will be different).

macaroon: a type of cryptographic token that lnd (Lightning Network Daemon) uses to handle authentication and authorization. It is similar to a cookie, and is required for RPC authentication.

The macaroon must be converted to HEX for use by CAS. Example bash command:

Code Block
xxd -ps -u -c10000 ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
  • Copy the entire string, and append it to the colon “:” separator at the end of the url.

cert: represents the contents of the tls.cert file from the lnd node. CAS checks the certificate to ensure it is communicating with the intended server. It is required for RPC authentication and encryption.

The file contents must be converted to HEX for use by CAS. Example bash command:

Code Block
xxd -ps -u -c10000 ~/.lnd/tls.cert
  • Copy the entire string, and append it to the colon “:” separator at the end of macaroon.

The entire parameter string, once fully assembled, will look something like this:

Code Block
https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
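The assembly steps above as one shell function (an added example, not General Bytes' own tooling). The names build_lnd_param and hex_of are hypothetical, and od is used as a fallback where xxd is not installed; the output embeds the macaroon, so handle it as a credential.

```shell
#!/bin/sh
# Added example: assemble the CAS "url:macaroon:cert" parameter for lnd.

# Print a file as one line of uppercase hex (same result as
# `xxd -ps -u -c10000 FILE`, with od as a portable fallback).
hex_of() {
    if command -v xxd >/dev/null 2>&1; then
        xxd -ps -u -c10000 "$1" | tr -d '\n'
    else
        od -An -v -tx1 "$1" | tr -d ' \n' | tr 'a-f' 'A-F'
    fi
}

# build_lnd_param URL MACAROON_FILE CERT_FILE
# e.g. build_lnd_param https://127.0.0.1:8088 \
#        ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon ~/.lnd/tls.cert
build_lnd_param() {
    url=$1 mac_file=$2 cert_file=$3
    # The RPC port must be given explicitly and the scheme must be https.
    case $url in
        https://*:[0-9]*) ;;
        *) echo "url must look like https://host:port" >&2; return 1 ;;
    esac
    [ -s "$mac_file" ] && [ -s "$cert_file" ] || {
        echo "macaroon or cert file is missing or empty" >&2; return 1; }
    # lnd writes tls.cert in PEM form; catch a wrong file (e.g. tls.key).
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert_file" || {
        echo "$cert_file does not contain a PEM certificate" >&2; return 1; }
    mac_hex=$(hex_of "$mac_file")
    cert_hex=$(hex_of "$cert_file")
    # A stray newline or space in either field would break the parameter.
    case "$mac_hex$cert_hex" in
        *[!0-9A-F]*) echo "hex conversion produced non-hex output" >&2
                     return 1 ;;
    esac
    # The result contains the macaroon, which authenticates RPC calls:
    # treat it as a secret (no shared terminals, logs or tickets).
    printf '%s:%s:%s\n' "$url" "$mac_hex" "$cert_hex"
}
```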

Create a new Crypto Setting

  1. Select “lnd” as your “Hot Wallet Buy” provider, and

  2. enter the parameter string (as assembled above).

  3. If implemented (highly recommended), enable the Wallet Tunnel and enter the password.

OPTIONAL: The default coin abbreviation for “Lightning over Bitcoin” is LBTC. This is an arbitrary decision by GB. It may conflict with other coins you support (e.g. Liquid BTC), in which case you should rename this setting. This is easily done.


Save it!


Test it.


Tip

Test your settings before deploying them.

  1. Save your setting first,

  2. return to the same Crypto Setting,

  3. run the test(s).

See: https://generalbytes.atlassian.net/l/cp/9Zdit1KP

Configure the Hot Wallet Sell using the same parameters if you implement it on any 2-way BATMs.

  • Now that you know CAS is communicating with your Lightning node, it’s time for the final leg.


Set up LNURL

You must enable Lightning wallets to interact with your CAS. Lightning is different from other coins: CAS gets the wallet address after the fiat is inserted. CAS will communicate with your node and your customer’s wallet in 2 separate channels simultaneously while broadcasting this transaction.

A Lightning BUY will offer a QR at the time of purchase. The QR must be scanned by the customer using a LNURL-compatible app after the cash is inserted and the transaction is consummated.

  • The QR contains the LNURL invoice as described here: https://github.com/lnurl/luds

  • Due to new US regulations, the Wallet of Satoshi app cannot receive Lightning in the US.

Expose the LNURL on your CAS server:

  1. The LNURL must be exposed to the wild. You have several choices:

    1. NGINX to proxy and publish: https://generalbytes.atlassian.net/l/cp/ZeQdinqS

    2. A Cloudflare tunnel as described here: https://generalbytes.atlassian.net/l/cp/V4Me1X2b

    3. NGROK (unsupported by GB): https://ngrok.com/docs/tls/tls-termination

  2. When using NGINX, open the exposed proxy port to incoming traffic in your firewall (e.g. using UFW).

    1. Configuring Server Firewalls

    2. Port 443 is demonstrated in the NGINX example, so use sudo ufw allow https to expose it.

This endpoint must be certified (via a CA), and publicly accessible from the Internet. The user’s wallet app will connect to it directly when your customer scans the LNURL QR code presented to them - so you must not restrict access to the endpoint by IP, authorization, or location.

Create the lnurl configuration file.

This file enables LNURL withdrawals (for BUY transactions). If set incorrectly, the wallet will be unable to complete the transaction. The LNURL can only be used once (then it is invalidated).

Create the /batm/config/lnurl file:

Code Block
sudo nano /batm/config/lnurl

Add this single line to the file:

Code Block
base_url=https://lnurl.yourcasdomain.com/extensions/lnurl
  • Replace lnurl.yourcasdomain.com with your publicly accessible LNURL domain name.

  • Save the file (Ctrl+X).

Warning

TROUBLESHOOTING LNURL

When accessed in a web browser, the URL should connect, displaying just: BATM LNURL REST Service

  • DOUBLECHECK YOUR NGINX (OR TUNNEL SETTINGS) IF THAT MESSAGE DOESN’T APPEAR.

  • The site must support HTTPS & the URL must specify HTTPS.

  • The URL should have no trailing “/”.
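The troubleshooting checks above as a script (an added example, not part of CAS). The function names are hypothetical, and it assumes "the URL" in the checks is the base_url value from /batm/config/lnurl; curl verifies the certificate chain by default, so a certificate not issued by a trusted CA fails the probe.

```shell
#!/bin/sh
# Added example: validate /batm/config/lnurl and probe the endpoint.

# Print the base_url value from the config file (CRs stripped).
lnurl_base_url() {
    sed -n 's/^base_url=//p' "$1" | tr -d '\r' | tail -n 1
}

# Static checks: the URL must specify HTTPS and have no trailing "/".
# Prints the URL on success.
check_lnurl_config() {
    base=$(lnurl_base_url "$1")
    [ -n "$base" ] || { echo "no base_url= line in $1" >&2; return 1; }
    case $base in
        https://*) ;;
        *) echo "base_url must specify https" >&2; return 1 ;;
    esac
    case $base in
        */) echo "base_url must not end with /" >&2; return 1 ;;
    esac
    case $base in
        *[[:space:]]*) echo "base_url contains whitespace" >&2; return 1 ;;
    esac
    printf '%s\n' "$base"
}

# Live check from a host outside your network: the response should be
# the banner "BATM LNURL REST Service".
# Usage: probe_lnurl /batm/config/lnurl
probe_lnurl() {
    base=$(check_lnurl_config "$1") || return 1
    body=$(curl -fsS --max-time 10 "$base") || {
        echo "cannot reach $base (DNS, firewall, proxy or TLS)" >&2
        return 2; }
    case $body in
        *"BATM LNURL REST Service"*) echo "LNURL endpoint OK" ;;
        *) echo "unexpected response: check the proxy target" >&2
           return 3 ;;
    esac
}
```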


You're done!